Flappyhead: I'm not slogging through that to figure out what the hell is going on.

From what I could gather, a hacker sold a bunch of credit card numbers to a guy, but that guy put the numbers on a flash drive that was infected with a virus. The virus encrypted the numbers and would only be released with a key that could be obtained by delivering the electronic money to a specific location within an MMO. Unfortunately Russian mobsters got involved and then a bunch of jihadists and before you know it grandma here is traipsing through British Columbia with a Claymore Mine strapped to her chest.

...and lo and behold there is a late-60s lady moping around the RoboCoin. I was with my Dad (he wanted to learn how to buy BTC)--I start putting 20s in the machine and he starts talking to the older lady. After I finished with the ATM, my dad says "Peter, maybe you can help this woman."

She tells me that she put money in the machine but never got any bitcoins out.

I asked her if she used her phone and she says "no I don't have a 'smart phone,' the machine just gave me this receipt" as she hands me the paper.

I look at the receipt and can immediately see that it is her private key, so I tell her that those are her bitcoins and she needs to load them onto her computer if she wants to spend them.

She says, "you mean my bitcoins are in this piece of paper?"

Uh oh.....so by now I'm thinking that she really shouldn't be investing in bitcoins without some help from her son or grandson. I ask "so, are you investing in bitcoins?"

And she says, "I don't even know what bitcoins are but my computer says I have to give it one to get my files back."

and then she gasps:

"and I've been trying for days to buy one!"

Well, I tried my best to help her, but I have my doubts.

Cryptolocker strikes again

tl;dr: Malware encrypts hard drive, demands bitcoin as payment. Old people are forced to buy hard drive if they want their data back. Price of bitcoin reaches high of $600 in a matter of weeks.

I'm pretty much past caring about what happens to people's computers if I'm not being paid sufficiently.

They've been pervasive household and office staples for fifteen years now. Either learn to farking use them at their most basic level or just move underground and begin your evolutionary descent into cannibalism already.

Do people even realize that file "encryption" malware need not even actually encrypt the files? It could just overwrite them with random bits. How would you or even an expert tell the difference without the "decryption key"? And since these people are criminals and are demanding untraceable, non-refundable, non-cancellable payment, once they have the money, they can either simply give a fake "decryption key" which of course would do nothing, or simply send nothing. What would the victim be able to do about it?

COMALite J: Do people even realize that file "encryption" malware need not even actually encrypt the files? It could just overwrite them with random bits. How would you or even an expert tell the difference without the "decryption key"? And since these people are criminals and are demanding untraceable, non-refundable, non-cancellable payment, once they have the money, they can either simply give a fake "decryption key" which of course would do nothing, or simply send nothing. What would the victim be able to do about it?

Backups, people.

They would have an incentive to send real keys at least some of the time, so victims who investigate their situation see that others have gotten their files back.

Of course, they could just focus on "customers" that don't bother to investigate at all, and let the at-least-somewhat-savvy ones go, but it's a trivial cost to the scammers to actually encrypt and decrypt the files, so why not do it?

COMALite J: Do people even realize that file "encryption" malware need not even actually encrypt the files? It could just overwrite them with random bits. How would you or even an expert tell the difference without the "decryption key"? And since these people are criminals and are demanding untraceable, non-refundable, non-cancellable payment, once they have the money, they can either simply give a fake "decryption key" which of course would do nothing, or simply send nothing. What would the victim be able to do about it?

Paying off the ransom really does get your data back, and is the *only* way to get your data back for most people. That's the entire point: If it didn't work, then fewer people would be willing to pay.

The malware is also designed to encrypt your backups if you back up via file syncing, which is how the vast majority of people do it.

The United States government could crash BitCoin at any time. The algorithm is set up so that the average time to mine a new block is always roughly ten minutes, and it does this by monitoring the total computing power on the network. All the NSA has to do is coordinate a few of their supercomputers, mine a block at an insane difficulty level, then drop back off. The computing requirement (and therefore monetary cost) to pop the next block becomes so large that no one is willing to mine a new block, and all transactions are halted as the network crashes.

I couldn't even bear to wade through all the comments to find the actual story, but I did see this:

So do make backup copies and use different data devices to store your precious files.

That's good advice.

I use myself 4 different types of backup media including online storage and offline storage devices.

That seems a bit obsessive.

I wouldn't trust any single "cloud" service to back up my files. There's no recourse in case they go out of business or the feds seize them. If you use 2 online services for backup what are the odds that they both go tits up at the same time? And then keeping backups in your house is good unless it burns down. You just gotta decide how important your files are to you.

I grew up in an age when all our precious photos were stored in a photo album and if our house had burned to the ground all those memories would have been lost...like tears in the rain.

JayCab: Flappyhead: I'm not slogging through that to figure out what the hell is going on.

From what I could gather, a hacker sold a bunch of credit card numbers to a guy, but that guy put the numbers on a flash drive that was infected with a virus. The virus encrypted the numbers and would only be released with a key that could be obtained by delivering the electronic money to a specific location within an MMO. Unfortunately Russian mobsters got involved and then a bunch of jihadists and before you know it grandma here is traipsing through British Columbia with a Claymore Mine strapped to her chest.

Cryptonomicon, great book! First thing I thought of too when I read about this virus.

phimuskapsi: You could just reinstall Windows over the top and get on with your life, or format and reinstall.

I have Windows on one drive and storage on another...most PCs should do this these days, it's surprising that most don't.

That doesn't work. The virus is programmed to encrypt every drive that is connected to the system when it launches and after it launches, including drives in the cloud. The only type of storage system that defeats it is to make a backup and then unplug that backup from the computer and only plug that separate drive in again when making a new backup. Obviously, this is something of a pain especially for people who do back up frequently.

The guys who did this are good. They thought of most of the usual tricks and have programmed around them.

melkson: JayCab: Flappyhead: I'm not slogging through that to figure out what the hell is going on.

From what I could gather, a hacker sold a bunch of credit card numbers to a guy, but that guy put the numbers on a flash drive that was infected with a virus. The virus encrypted the numbers and would only be released with a key that could be obtained by delivering the electronic money to a specific location within an MMO. Unfortunately Russian mobsters got involved and then a bunch of jihadists and before you know it grandma here is traipsing through British Columbia with a Claymore Mine strapped to her chest.

Cryptonomicon, great book! First thing I thought of too when I read about this virus.

gfid: I couldn't even bear to wade through all the comments to find the actual story, but I did see this:

So do make backup copies and use different data devices to store your precious files.

That's good advice.

I use myself 4 different types of backup media including online storage and offline storage devices.

That seems a bit obsessive.

I wouldn't trust any single "cloud" service to back up my files. There's no recourse in case they go out of business or the feds seize them. If you use 2 online services for backup what are the odds that they both go tits up at the same time? And then keeping backups in your house is good unless it burns down. You just gotta decide how important your files are to you.

I grew up in an age when all our precious photos were stored in a photo album and if our house had burned to the ground all those memories would have been lost...like tears in the rain.

I don't trust cloud yet so I still use a backup hard drive, but that hard drive and the hard drive of my electronic photos go in a fireproof box. Also still have albums, but slowly digitizing. It's not foolproof, but the box should last the typical length of a house fire.

Living in the Midwest, I just wonder if the box is tornado-proof--it's heavy, but is it heavy enough to not fly away in the force of 150-200 mile winds?